Log digests of snapshots (#7300)

Co-authored-by: Amaury Chamayou <amaury@xargs.fr>

Author: cjen1-msft

CHANGELOG.md

@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [5.0.23]
+
+[5.0.23]: https://github.com/microsoft/CCF/releases/tag/5.0.23
+
+### Added
+
+- Logging of snapshot digests
+
 ## [5.0.22]
 
 [5.0.22]: https://github.com/microsoft/CCF/releases/tag/5.0.22

src/host/main.cpp

@@ -8,6 +8,7 @@
 #include "ccf/version.h"
 #include "config_schema.h"
 #include "configuration.h"
+#include "crypto/openssl/hash.h"
 #include "ds/cli_helper.h"
 #include "ds/files.h"
 #include "ds/non_blocking.h"
@@ -342,6 +343,8 @@ int main(int argc, char** argv)
   asynchost::ProcessLauncher process_launcher;
   process_launcher.register_message_handlers(bp.get_dispatcher());
 
+  ccf::crypto::openssl_sha256_init();
+
   {
     // provide regular ticks to the enclave
     asynchost::Ticker ticker(config.tick_interval, writer_factory);
@@ -715,10 +718,13 @@ int main(int argc, char** argv)
         auto& [snapshot_dir, snapshot_file] = latest_committed_snapshot.value();
         startup_snapshot = files::slurp(snapshot_dir / snapshot_file);
 
+        auto sha = ccf::crypto::Sha256Hash(startup_snapshot);
+
         LOG_INFO_FMT(
-          "Found latest snapshot file: {} (size: {})",
+          "Found latest snapshot file: {} (size: {}, sha256: {})",
           snapshot_dir / snapshot_file,
-          startup_snapshot.size());
+          startup_snapshot.size(),
+          sha.hex_str());
       }
       else
       {
@@ -843,5 +849,7 @@ int main(int argc, char** argv)
   if (rc)
     LOG_FAIL_FMT("Failed to close uv loop cleanly: {}", uv_err_name(rc));
 
+  ccf::crypto::openssl_sha256_shutdown();
+
   return rc;
 }

src/host/snapshots.h

@@ -2,8 +2,11 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/crypto/sha256_hash.h"
 #include "ccf/ds/nonstd.h"
 #include "consensus/ledger_enclave_types.h"
+#include "crypto/openssl/hash.h"
+#include "ds/files.h"
 #include "time_bound_logger.h"
 
 #include <charconv>
@@ -263,6 +266,10 @@ namespace asynchost
 
     static void on_snapshot_sync_and_rename(uv_work_t* req)
     {
+// don't init / deinit in sync
+#ifndef TEST_MODE_EXECUTE_SYNC_INLINE
+      ccf::crypto::openssl_sha256_init();
+#endif
       auto data = static_cast<AsyncSnapshotSyncAndRename*>(req->data);
 
       {
@@ -280,6 +287,18 @@ namespace asynchost
 
       const auto full_tmp_path = data->dir / data->tmp_file_name;
       files::rename(full_tmp_path, full_committed_path);
+
+      // read and log the hash of the written snapshot
+      auto raw = files::slurp(full_committed_path);
+      LOG_INFO_FMT(
+        "Written snapshot to {} (size: {} bytes, sha256: {} )",
+        data->committed_file_name,
+        raw.size(),
+        ccf::crypto::Sha256Hash(raw).hex_str());
+
+#ifndef TEST_MODE_EXECUTE_SYNC_INLINE
+      ccf::crypto::openssl_sha256_shutdown();
+#endif
     }
 
     static void on_snapshot_sync_and_rename_complete(uv_work_t* req, int status)
@@ -380,6 +399,10 @@ namespace asynchost
 #endif
             }
 
+            auto sha = ccf::crypto::Sha256Hash(*it->second.snapshot);
+            LOG_INFO_FMT(
+              "Writing snapshot to {} (sha256: {})", full_snapshot_path, sha);
+
             pending_snapshots.erase(it);
 
             return;